VOGONS


VST Midi Driver Midi Mapper

Reply 260 of 262, by Falcosoft

Zaphod Beeblebrox wrote on 2024-05-09, 20:48:

Sure! I've installed it anyways of course, seems to me that Defender with Cloud enabled detects way more false positives.

Yes, it seems it's the Cloud version that detects it falsely and of course it is not the version that MS uses on Virustotal...

MS_AV.png

So it is starting again. If I was not fast enough with my reporting to MS, then other AV vendors that respect the MS detection result take over the verdict and will flag the file as malicious.
I'm thinking that eventually I'll stop releasing binary versions. I'm really fed up with this antivirus nonsense that takes almost as much free time from me as development.

@Edit:
To prevent further escalation I have changed the file to the self-signed version. As I said, this way one more AV engine detects it as malicious (Trapmine), but it seems the MS Defender cloud version does not detect it falsely as a trojan anymore.
https://github.com/Falcosoft/vstdriver/releases/tag/v2.5.0

https://www.virustotal.com/gui/file/36e62c255 … 56788?nocache=1

@Edit2:
MS accepted the false positive report so I changed the attachment on the release page to the original exe.

Last edited by Falcosoft on 2024-05-20, 11:45. Edited 3 times in total.

Website, Facebook, Youtube
Falcosoft Soundfont Midi Player + Munt VSTi + BassMidi VSTi
VST Midi Driver Midi Mapper

Reply 261 of 262, by Zaphod Beeblebrox

Falcosoft wrote on 2024-05-09, 21:29:
Zaphod Beeblebrox wrote on 2024-05-09, 20:48:

Sure! I've installed it anyways of course, seems to me that Defender with Cloud enabled detects way more false positives.

Yes, it seems it's the Cloud version that detects it falsely and of course it is not the version that MS uses on Virustotal...
MS_AV.png

So it is starting again. If I was not fast enough with my reporting to MS, then other AV vendors that respect the MS detection result take over the verdict and will flag the file as malicious.
I'm thinking that eventually I'll stop releasing binary versions. I'm really fed up with this antivirus nonsense that takes almost as much free time from me as development.

Don't worry about it, MS can suck it.

"Passion, in its essence, means to suffer for what you love."

Reply 262 of 262, by Falcosoft

VEG wrote on 2024-04-01, 14:21:

Another great update, thanks!

Does the self-signed code signing certificate actually help with anything? I doubt that it makes antivirus software happier.

I have made some experiments and the conclusive result is that Windows Defender (MS cloud protection) always respects my self-signed certificate. Some files are detected as various malware/trojans until I sign them. The moment I sign them, the same files are not detected anymore and are not removed immediately.
In the case of other AV engines, the results are not so clear. Trapmine detects the installer exe as malicious only when it is signed, and CrowdStrike Falcon has the same tendency.
So there is no best overall solution, but since Windows Defender is used much more often than e.g. Trapmine, the self-signed version seems to be the better version to distribute.
